Hardware: VPS bought online
YunoHost version: 4.2.8.3
I have access to my server: Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no
Description of my issue
Hi,
I’ve a simple question about SSO.
I installed the Nextcloud application, and I was expecting to be automatically logged in to Nextcloud if I was already logged in to Yunohost.
Is this the way it should work ?
And if so, what could I check to solve this bug ?
Our other apps do not seem ready for SSO (Mailman3, Gitea).
But I can install any app for testing, if you recommend one
We were using Nextcloud for years, and we migrated to Yunohost a few months ago.
We developed some scripts to re-create data in Nextcloud, but the users were created through the Yunohost API.
So, maybe there was something wrong here ?
It would be possible to reinstall Nextcloud, but it would take some time.
A maybe-related bug: regularly, some users can’t log in to Nextcloud, without any error message (neither the website, nor the JS console, nor the server logs).
We need to clear cookies in order to log in again.
We think we found a possible cause: Yunohost is installed in a subdomain, and Nextcloud is using another “sibling” subdomain!
So the cookie domain is wrong…
Sharp! In my cases, Nextcloud is either installed on the Yuno-domain in a subdirectory (e.g., online.osba.nl/nextcloud, with online.osba.nl as main domain), or in a subdomain of the Yuno-domain (cloud.fakraz.nl with the main domain at fakraz.nl).
In your case, I expect Yunohost’s main domain to be (for example) yunohost.grubhska.fr, with Nextcloud on nextcloud.grubhska.fr ? Still, both are installed on the same server, are they not?
Because of the migration we made a wrong decision about subdomains: before Yunohost, we had only Nextcloud on cloud.domain.com.
So, we installed Yunohost on cloud1.domain.com and Nextcloud on cloud.domain.com.
But this still needed users to change their email client configuration…
So we just decided to change everything and make a clearer configuration.
We can’t put Yunohost on domain.com because it’s the website of our association.
Ideally, we would have Yunohost on something like portal.domain.com, and Nextcloud on cloud.domain.com; however, I don’t like the email server to be “portal.domain.com”.
I don’t know if we can have a different subdomain for the email server. I tried, but I had a client complaining about a wrong certificate domain, and I saw that wildcard certificates are not yet supported.
We need some more reflexion and investigation here !
The idea is to have no change for visitors of https://domain.com, because they can keep visiting the old address, and Yunohost will forward them.
I see two possible problems:
Yunohost will try to catch all traffic to addresses on the domain and redirect to the default page, or another configured page/app. There is, in this case, no domain configured and no app installed at www.domain.com (at least, not in Yunohost). I think the definition of the domain www.domain.com is needed in Yunohost, perhaps in combination with installing the ‘custom webapp’ on www.domain.com to ‘punch a hole’ in Yunohost security to allow access to your website.
Thinking some more about it, maybe you can even install both Yunohost and the association website at the main domain, as long as you configure the custom web app in Yunohost to allow traffic to your website (for each of the paths in your website, so perhaps you need a custom webapp for https://domain.com/news, one for https://domain.com/contact, etc).
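
The cookie-scope question raised earlier in this thread (portal on cloud1.domain.com, Nextcloud on the sibling cloud.domain.com) can be checked against the browser's domain-matching rule from RFC 6265. The following is an added example, not part of any post and not YunoHost or SSOwat code; which Domain attribute the SSO really sets is an assumption, so several constructed scopes are compared, and the public-suffix check browsers also apply is not modelled.

```javascript
// Added example: RFC 6265 section 5.1.3 domain matching, applied to the
// hostnames mentioned in the thread. The cookie scopes are assumptions.

// True when `host` domain-matches the cookie's Domain attribute value.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  const isIp = /^[0-9.]+$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// Models what the browser stores. Without a Domain attribute the cookie is
// host-only and is returned only to the exact host that set it.
function makeCookie(setByHost, domainAttr) {
  if (!domainAttr) return { hostOnly: true, domain: setByHost.toLowerCase() };
  // Browsers reject a Domain attribute that the setting host does not match.
  if (!domainMatch(setByHost, domainAttr)) return null;
  return { hostOnly: false, domain: domainAttr.toLowerCase().replace(/^\./, "") };
}

function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Constructed scenarios: [host that sets the cookie, Domain attribute, request host]
const scenarios = [
  ["cloud1.domain.com", null, "cloud.domain.com"],                // sibling, host-only
  ["cloud1.domain.com", "cloud1.domain.com", "cloud.domain.com"], // sibling, scoped to portal
  ["cloud1.domain.com", "domain.com", "cloud.domain.com"],        // scoped to parent domain
  ["fakraz.nl", "fakraz.nl", "cloud.fakraz.nl"],                  // app on subdomain of main domain
  ["online.osba.nl", null, "online.osba.nl"],                     // app in a subdirectory, same host
  ["cloud1.domain.com", "cloud.domain.com", "cloud.domain.com"],  // portal cannot set a sibling's cookie
];

function runScenarios() {
  return scenarios.map(([setBy, attr, req]) => isSentTo(makeCookie(setBy, attr), req));
}

for (const [i, sent] of runScenarios().entries()) {
  const [setBy, attr, req] = scenarios[i];
  console.log(`${setBy} Domain=${attr ?? "(host-only)"} -> ${req}: ${sent ? "sent" : "not sent"}`);
}
```

To see which row applies to a real instance, read the Domain attribute on the portal's Set-Cookie response header in the browser's network tab.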